Software as a Service Agreement

1. Parties

1.1 Supplier

Hereinafter "the Supplier"

1.2 Customer

The entity or individual accepting these terms via the platform.

Hereinafter "the Customer"

Below, the Supplier and the Customer are referred to individually as the "Party" and together as the "Parties". This agreement is referred to below as the "Agreement".

2. Background and Purpose of the Agreement

To grant the Customer access to the Ansvar AI threat modeling platform (the "Service"), enabling the Customer to submit system architecture information and receive expert-reviewed threat model reports, subject to the terms and conditions of this Agreement.

3. Definitions

The terms specified below shall, unless another definition is given at their first occurrence in the Agreement, be deemed to have the following meaning:

Agreement

means this software as a service agreement, including any documents attached to it.

Agreement period

refers to the period during which the Agreement is valid.

Commencement date

refers to the day on which the Supplier will begin providing the Service to the Customer in accordance with what is stated in this Agreement.

Incident

means Vulnerability, Virus, unplanned disruption in software or hardware, the operational environment, data loss or data leakage, or other security incidents in the Service.

Maintenance and support

mean the support services that the Supplier provides for support and maintenance of the Services according to the Agreement.

Personal data

shall have the same meaning as stated in Regulation (EU) 2016/679 (General Data Protection Regulation).

The Customer's information

means, including but not limited to, information about the Customer's operations, customers, suppliers, employees, tools, documentation, and software, which the Customer makes available to the Supplier within the framework of the Agreement.

The Service

refers to the software that, following the Agreement, is being provided as a service by the Supplier to the Customer.

Virus

means any malicious software, file or code, or other security attack, including but not limited to viruses, trojans, and worms, which may prevent, impair or otherwise adversely affect the operation of any computer software, hardware, or network.

Vulnerabilities

refer to a weakness, sensitivity, or deficiency in the Service that makes it susceptible to attacks.

4. The Service

The Service is an AI-accelerated threat modeling platform. Customers purchase tokens which are consumed when submitting threat modeling jobs. Each job consists of:

1. Customer uploads system architecture documentation
2. AI-assisted analysis generates draft threat model
3. Expert review and validation by Supplier
4. Delivery of final threat model report and artifacts via the platform

The Service includes access to the customer portal for job submission, status tracking, and report download. Support is provided via email.

5. Term

The Agreement enters into force on the date of signing and is valid until further notice. The mutual notice period is 30 days. The Party must receive a Notice of termination from the other Party in writing or by e-mail.

6. Fees and Payment

6.1 Token-based pricing as displayed on the platform. Tokens are purchased in advance and consumed upon job submission.

6.2 The fee is paid against a separate invoice. The invoice's payment terms are fourteen (14) days net from the invoice date.

6.3 Interest on overdue payments is paid in accordance with the Interest Act (1975:635).

6.4 The Supplier may, without prior notice, cease the provision of the Service or immediately terminate the Agreement in its entirety if relevant fees remain unpaid.

6.5 The Supplier has the right to adjust the fee for the following Agreement Period by notifying the Customer in writing of the adjustment no later than 30 days before the entry into force of the new fee. If the Customer does not accept the new terms, they must notify the Supplier before the new fee comes into effect. If the Customer terminates the Agreement due to the Supplier's price adjustment, the Agreement will be considered terminated on the day the new fee comes into effect.

7. Right to Use the Software

The right to use the Service is not limited by number of users. Access is controlled through the token system described in Section 6.

8. The Customer's Obligations

8.1 The Customer will cooperate with the Supplier and provide all necessary information to allow the Supplier to provide the Services.

8.2 The Customer will ensure that any users with access to the Software comply with the terms of this Agreement.

8.3 The Customer will use the Services in accordance with the terms and conditions of this Agreement. The Customer may not use the Service for any other, or anyone else's, purpose than what is specified in the Agreement.

8.4 The Customer will be responsible for ensuring that security methods, login details, and other information provided by the Supplier for access to the Service are handled with confidentiality equivalent to what is stipulated under the chapter "Confidentiality".

8.5 The Customer may not:

• use all or parts of the software or other software included in the Service, with the purpose of creating a product or service that competes with the Service,
• grant third parties a license to use the Service or otherwise give third parties access to the Service.

8.6 The Customer will:

• ensure that the Customer's information is free of viruses, trojans, worms, or other malicious software or code,
• to the best of its ability, ensure and prevent unauthorized access to the Service. If the Customer uncovers such unauthorized access to the Service, the Customer must immediately notify the Supplier of this,
• immediately notify the Supplier of any Incidents.

9. The Supplier's Obligations

9.1 The Supplier undertakes to provide the Service for the Customer during the Agreement Period following what is stated in this Agreement.

9.2 The Supplier shall provide the Service with reasonable skill and care following generally accepted industry standards.

9.3 The Supplier ensures they have all the necessary rights, licenses, consents, and authorizations to provide the Service according to the Agreement.

9.4 The Supplier is only responsible for the communication between the Supplier and the connection point where the Supplier's network connects to the internet. Therefore, the Supplier is not responsible for problems that arise outside the connection point or are caused by the Customer's internet connection.

9.5 The Supplier may hire a subcontractor for the fulfillment of the Service and other commitments according to the Agreement. The Supplier is responsible for the subcontractor's work as if the Supplier themself performed it.

9.6 If there are technical, maintenance, operational, or security reasons, the Supplier has the right to take planned measures that may affect the availability of the Service. The Supplier must notify the Customer within a reasonable time before such action is taken. To the best of their ability, the Supplier must manage planned measures to a time outside regular working hours and carry out the intervention quickly and in such a way that disruptions are limited.

9.7 The Supplier undertakes to provide Maintenance and Support following the terms of https://www.ansvar.eu.

9.8 The Supplier undertakes to provide the Customer with user documentation for the use of the Service via https://www.ansvar.eu. The user documentation refers to, including but not limited to, user manuals, instructions, and guides.

9.9 The Supplier will provide the Customer with its customer support services during the Supplier's regular business hours. The conditions for the provision of this service can be found at https://www.ansvar.eu.

9.10 The Supplier does not warrant that:

• the Customer's use of the Service will be error-free,
• the Services will meet the Customer's requirements,
• the Service will be free from Vulnerabilities or Viruses,
• the Services will comply with any of the Customer's cybersecurity requirements.

10. Third Party Software

10.1 The Service contains software from third parties ("Third Party Software"). The Third Party Software must be provided following the conditions for the respective Third Party Software conditions.

10.2 The Service utilizes the following third-party components:

• Microsoft Azure (cloud infrastructure) - https://azure.microsoft.com/en-us/support/legal/
• Stripe (payment processing) - https://stripe.com/legal
• OpenAI / Anthropic (AI processing) - applicable terms at provider websites

Customer acknowledges that use of the Service is subject to the terms of these third-party providers. Supplier is not liable for changes to third-party services beyond Supplier's control.

11. Transfer of the Agreement to a Third Party

The Party may neither fully nor partially transfer nor pledge its rights or obligations under the Agreement to a third party without the other Party's written approval.

12. Intellectual Property Rights

12.1 All intellectual property rights relating to the Service belong to the Supplier or, if applicable, the Supplier's suppliers or licensors.

12.2 Nothing in the Agreement constitutes a transfer of intellectual property rights regarding the Service or its software to the Customer. However, such data that arise as part of the Customer's use of the Service shall be owned by the Customer without restriction. The Supplier may only use the Customer's data to fulfill its obligations under the Agreement. However, the Supplier may collect information about performance, statistics, or similar data based on the Service's processing of the Customer's data. The Customer owns all rights to the Customer's information.

12.3 The Supplier guarantees that the use of the Service per the Agreement does not constitute an infringement of a third party's intellectual property rights. If a third party submits a claim to the Customer that the Service constitutes an infringement of said third party's intellectual property rights, the Customer must notify the Supplier of this in writing without delay. At its own expense, the Supplier takes measures necessary to contest and protect the Customer from such claims.

13. Data Protection

13.1 The Parties ensure that they always comply with the regulations and obligations imposed by data protection legislation when processing personal data in connection with this Agreement.

13.2 Where data protection legislation prescribes, the Parties draw up a separate agreement regarding the processing of personal data.

13.3 The Parties undertake to process personal data within the framework of this Agreement according to a separately drawn up data processing agreement. See our Data Processing Agreement.

14. Confidentiality

14.1 The Customer undertakes to keep the Confidential Information received by the Suppliers confidential and not to transfer or disclose it to third parties, apart from what follows from this Agreement. The Customer undertakes to only concern themselves with such Confidential Information received by the Supplier to fulfill this Agreement's purpose. The Customer may not unlawfully prepare access to or otherwise unlawfully acquire Confidential Information held or controlled by the Supplier.

14.2 "Confidential information" refers to any and all information that the Supplier transfers to or discloses to the Customer or their representatives or advisors for purposes related to the Agreement unless the Supplier expressed otherwise at the time of the transfer.

14.3 Commitment to confidentiality does not apply to material or information:

• which at the time of disclosure was generally available or otherwise public or which after disclosure became general knowledge in a way other than through a breach of this Agreement,
• which the Customer can show was known to them before the Supplier provided information about this,
• of which the Customer has been duly informed by a third party without a breach of their confidentiality obligation according to law or agreement having occurred,
• which the Customer has independently developed without using the Confidential Information provided per this Agreement, or
• which the Customer is bound to disclose according to mandatory law, court order, or authority regulation.

14.4 The Customer undertakes to:

• protect the confidentiality of the Confidential Information with adequate and reasonable measures,
• not hand over or disclose Confidential Information to third parties, and
• enter into appropriate confidentiality agreements with the actors who act on behalf of the Customer and who, due to their job description, have access to Confidential Information.

14.5 This confidentiality commitment applies during the Agreement period and for 24 months after the Agreement's termination.

15. Early Termination

15.1 The parties have the right to early termination of the Agreement by written notice to the other Party if:

• the other Party has committed a breach of contract in violation of the provisions of the Agreement and does not take rectification within 30 days from the breach of contract and rectification of this being notified in writing to the Party,
• the other Party has suspended its payments or otherwise can be assumed to have become insolvent, or
• a Party otherwise, per the terms of the Agreement, has the right to terminate the Agreement with immediate effect.

15.2 The Agreement can also be terminated with immediate effect on the part of the Supplier if:

• the Customer takes organizational measures that significantly change the management in a way that substantially hinders the possibility of cooperation between the Parties, or
• the Customer considers itself to have a better right to the Service or otherwise threaten the Supplier's exclusive right by questioning the Supplier's ownership of the Service, making it difficult, or preventing the Supplier's ability to further assign authority to the Service to third parties.

16. Consequences of the Termination of the Agreement

16.1 Upon termination of the Agreement, the Customer's right to use the Service ceases immediately, whereby all granted rights revert to the Supplier. The Customer shall immediately cease all use of the Service and, if applicable, immediately remove any locally installed software obtained by the Supplier as part of the use of the Service. The Customer must, on the Supplier's instructions, destroy and return all material and all copies or other documents relating to the Service.

16.2 At the request of the Customer, the Supplier will, where applicable, store a copy of the Customer's data after the termination of the Agreement. The storage will take place for a total of 30 days from the termination date. The Supplier must assist the Customer with transferring the current data in the appropriate format per the Customer's instructions. If the Customer so wishes, they can request that the data instead be deleted after the Agreement's termination.

16.3 A Party that received Confidential Information must, within 30 days, return, or at the other Party's request, destroy all material, including all copies of material, containing Confidential Information that the Party has in its possession or control.

16.4 Terms and conditions, which by their nature should obviously apply after the term of the Agreement, continue to apply also after the termination of the Agreement.

17. Force Majeure

17.1 Neither Party shall be liable for failure to perform any of its obligations under this Agreement due to an impediment beyond the Party's control which the Party could not reasonably have foreseen at the time of entering the Agreement, and the consequences of which the Party could not reasonably have avoided or overcome.

17.2 Failure to perform arising out of, or caused by, an impediment, directly or indirectly, including without limitations to, strikes or work stoppages, accidents, acts of war or terrorism, civil or military disturbances, nuclear or natural catastrophes, requisition, seizure, currency restrictions, riots, virus outbreaks or epidemics, or changes in legislation (Force Majeure) is covered by the clause.

17.3 In order for a Party to make an exemption on the grounds above, the Party suffering a Force Majeure event shall notify the other Party in writing, as soon as reasonably practicable, that such an event has occurred. Notice in writing must also be given without delay when the exemption has ceased.

17.4 A Force Majeure event excuses the affected Party or Parties from fulfilling their obligations for as long as they are unable to perform due to the event. Each Party shall undertake reasonable efforts to mitigate the effects of the event and resume the performance of the failed obligations as soon as reasonably practicable.

17.5 The reservation regarding contractual conflicts in the labor market shall not be considered a ground for exemption if the Party is subject to or commences such a conflict.

17.6 Regardless of what is stated above about exemption from sanction, the Party has the right to withdraw from the Agreement if the other Party's fulfillment of obligations due to Force majeure is delayed by more than 3 months.

18. Applicable Law

Swedish law shall be applied to this Agreement.

19. Dispute Resolution

Any dispute, controversy, or claim arising from this Agreement shall first be settled by the Parties through friendly negotiations. If the Parties fail to reach an agreement on the dispute, the dispute shall be finally settled by public court.

Contact Information

If you have questions about these Terms, please contact us: